Hi,
- product version = 9.0.1
- product type = Angular
- product framework type = .net core 3.1
SecurityTokenExpiredException reported in Azure
Reviewing SQL activity, the DTU utilization is low
Reviewing application insights in Azure for the web app there are frequent exceptions raised around SecurityTokenExpiredException.
Digging into the transaction detail for one example, a 12.7 delay was caused by this exception consuming /api/TokenAuth/Authenticate
Simply refreshing the login page is one example where the exception is raised. Timings can vary.
Logs:
Microsoft.IdentityModel.Tokens.SecurityTokenExpiredException:
   at Microsoft.IdentityModel.Tokens.Validators.ValidateLifetime (Microsoft.IdentityModel.Tokens, Version=5.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateLifetime (System.IdentityModel.Tokens.Jwt, Version=5.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload (System.IdentityModel.Tokens.Jwt, Version=5.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken (System.IdentityModel.Tokens.Jwt, Version=5.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35)
   at SSD.Web.Authentication.JwtBearer.SSDJwtSecurityTokenHandler.ValidateToken (SSD.Web.Core, Version=9.0.1.0, Culture=neutral, PublicKeyToken=null: D:\a\1\s\SSD\aspnet-core\src\SSD.Web.Core\Authentication\JwtBearer\SSDJwtSecurityTokenHandler.cs:42)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler+<HandleAuthenticateAsync>d__6.MoveNext (Microsoft.AspNetCore.Authentication.JwtBearer, Version=3.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60)
Thanks
14 Answer(s)
-
0
Hi @shedspotter
That error is thrown by the System.IdentityModel.Tokens.Jwt.ValidateToken method (see: https://docs.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytokenhandler.validatetoken?view=azure-dotnet). Refreshing your browser should not cause the error. Can you please check these:
- Check if your token lifetime is long enough (https://github.com/aspnetzero/aspnet-zero-core/blob/2269967cc03e5c460e2d6c0833cb97feaa5d1fad/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Application.Shared/AppConsts.cs#L49).
- Check if your current token is really expired (you can use https://jwt.io/).
- Check if your current token exists; if it exists, store it. Then refresh your browser and check if they are equal.
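The three checks above can also be run locally, without handing a live token to a website. This is an added example, not part of the original answer or of ASP.NET Zero: it decodes the token without verifying the signature and compares `exp`/`nbf` against a clock with an assumed 300-second skew allowance. The function names and the sample token are constructed for illustration.

```javascript
// Added example: inspect a JWT's lifetime claims locally (Node.js).
// Decodes only; it does NOT verify the signature.
const DEFAULT_SKEW_SECONDS = 300; // assumed allowance; set it to the server's ClockSkew

function decodeSegment(segment) {
  // JWT segments are base64url without padding
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

function inspectToken(token, nowSeconds, skewSeconds = DEFAULT_SKEW_SECONDS) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected 3 dot-separated segments");
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  if (typeof payload.exp !== "number") throw new Error("no numeric exp claim");
  const start = typeof payload.nbf === "number" ? payload.nbf : payload.iat;
  return {
    alg: header.alg,
    lifetimeSeconds: typeof start === "number" ? payload.exp - start : null, // check 1
    secondsLeft: payload.exp - nowSeconds,                                   // check 2
    // A validator with a skew allowance rejects only once now > exp + skew
    expired: nowSeconds > payload.exp + skewSeconds,
    notYetValid: typeof payload.nbf === "number" && nowSeconds < payload.nbf - skewSeconds,
  };
}

// Check 3: was the stored token replaced by the browser refresh?
function tokenChanged(before, after) {
  return before !== after;
}

// Constructed sample token; the signature segment is a dummy string.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}

const issued = 1600000000; // constructed timestamp
const sample = makeSampleToken({ sub: "2", iat: issued, nbf: issued, exp: issued + 86400 });
console.log(inspectToken(sample, issued + 3600));        // one hour in: still valid
console.log(inspectToken(sample, issued + 86400 + 600)); // 10 min past exp: expired
```

If `secondsLeft` is negative on a token the client just received, compare the clocks of the issuing and validating machines before changing the configured lifetime.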
-
0
Hi @musa.demir
Token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.[…].M4VujdjiMq4QBVJ3EU2e_FtVdPwQNm1-ncqhdiRJcBc
-
0
Hi @shedspotter
Can you reproduce the problem? If so, could you share your website URL and test user account credentials with [email protected]? If we can reproduce the problem, we can understand the real cause.
-
0
Hi,
I'm also getting a lot of SecurityTokenExpiredException exceptions.
We are having these exceptions with all tenants in the same timezone.
These exceptions are happening mainly with the following endpoints:
- POST /api/TokenAuth/Authenticate
- POST /signalr/negotiate
SecurityTokenExpiredException is sometimes followed by SecurityTokenInvalidSignatureException.
Our app is having performance issues and we are tracking these exceptions on AppInsights.
I don't know how to reproduce this and help you guys to find the issue...
Please tell me how I can help find this issue.
-
0
Hi @ismcagdas,
I'm using Abp 6.4. I can add a log as you requested and come back to you after.
While analysing this issue in my code, I found that the CreateJwtClaims method uses CacheManager... And I just figured out that I'm having issues with CacheManager when my Azure AppService is running on multiple instances. For example, when running with 2 instances, I'm not able to switch user to different tenant accounts (like this: https://support.aspnetzero.com/QA/Questions/9502/Switching-tenant-fails-in-mutiple-docker-container-instances-setup).
Therefore, I'm wondering if all these issues are coming from cache management? (Should I use Redis?) What do you think?